Add/expose config to standalone to allow disabling SSRF protections for procedure HTTP requests

[gefjon]

Request from Discord: a user with a standalone deployment wants to make HTTP requests against internal local addresses, but is blocked by our SSRF protection. We have an internal, unstable cargo feature to disable this protection, allow_loopback_http_for_tests. We should figure out some sensible way to expose this at runtime via a config file.